MOVING TO THE CLOUD: Tips for Successful Change

---

MOVING TO THE CLOUD: Tips for Successful Change Management

Heiko Spallek Khalil Yazdi David Rankin Lynn Johnson

1

Internet2 and Internet2 NET+ Services 2

Cloud Promise and Challenges Customized Solutions?

compliance with HIPAA/FERPA

CAPEX to OPEX

Reduced administrative overhead: Restructuring administrative processes “automated provisioning”

Scale, Elastic Speed

Volume of acquisition “Green” benefits

innovative approaches?

Individual/institution has minimal impact

vendor “lock in” commodity services

Use what you need

Focus on local specialization not ‘hybrid’ environments plumbing IT acquisition approaches Who supports students, faculty and staff? security, data privacy and accessibility 3

Founded

INTERNET2 Powered by Community …

In 1996 by research universities to take self- responsibility for providing a data networking environment that would not otherwise exist, or exist as and when the community of scholars needed it

Mission Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet

Goals

Accelerating Research & Education through Innovation

• Enable new generation of applications • Re-create leading edge R&E network capability • Transfer technology and experience to the global production Internet

Community • R&E member institutions, affiliates, agencies, etc.. • Rich and complex regional network community • Global NREN community 4

The R&E Network

262+ Universities 80+ Corporations 70+ Government agencies 42 Regional & state networks 65+ International R&E networks

5 February 27, 2015

© 2013 Internet2

Building a “Brokered Community Cloud” The R&E Community acting on its own behalf LEVERAGING COMMUNITY ASSETS COMPLETE CLOUD DEPLOYMENT PLATFORM FOR THE ACADEMY

SCALABLE AND AGILE TO MEET BROAD USER MOBILITY NEEDS

TRUSTED STANDARDS, INTEGRATED IDENTITY AND ADVANCED NETWORK DELIVERY 6

What is Internet2 NET+ Services all about? A partnership to provide a portfolio of solutions for Internet2 member organizations that are cost-effective, easy to access, simple to administer, and tailored to the unique, shared needs of the community: • Define a new generation of value-added services • Leverage the Internet2 R&E Network and other services such as InCommon • Drive down the costs of provisioning/consuming services • Provide a strategic partnership with service providers (new service offerings). • Leverage community scale for better pricing and terms • Develop solutions that meet performance, usability, and security requirements • Provide a single point of contracting and provisioning 7

Cloud Service Portfolios for Higher Ed

RESPONSIVE, ACCELERATED CLOUD PLATFORM

• • • • • • • •

Trust & Identity Software As A Service Infrastructure, Platform, Security Video, Voice & Collaboration Digital Content For Research & Education

Peer Validated Security Performance and Accessibility Standards from over 260 CIOs Input from University General Counsel and Procurement Officers

8

HOW IT WORKS Requirements of Service Providers •

Identified Sponsor: CIO or other senior executive from a member institution

•

Membership in Internet2 and InCommon Federation

•

Adoption of InCommon -Shibboleth/SAML2.0 and Connection of services to the R&E Network

•

Completion of the Internet2 NET+ Cloud Control Matrix

•

Commitment to: ▪ A formal Service Validation with 5-7 member institutions ▪ Enterprise wide offerings and best pricing at community scale ▪ Establishing a service advisory board for each service offering ▪ Community business terms (Internet2 NET+ Business and Customer agreements) ▪ support the community’s security, privacy, compliance and accessibility obligations

•

Willingness to work with the Internet2 community to customize services to meet the unique needs of education and research

9

GET INVOLVED IN THE

NET+ SERVICE LIFECYCLE

Sponsored by Community Members

Designed by participating campuses, providers and Internet2

Subscription by Community Members, Regional and Global partners

All delivered at global scale, tailored to R&E needs, and benefitting all participating institutions 10

NET+ Service Validation Components •

Functional Assessment

•

– Review features and functionality – Tune service for research and education community

•

•

o Legal: customized agreement using NET+ community contract templates o Business model o Define pricing and value proposition

Technical Integration – Network: determine optimal connection and optimize service to use the Internet2 R&E network – Identity: InCommon integration

Security and Compliance – Security assessment: Cloud Controls Matrix – FERPA, HIPAA, privacy, data handling – Accessibility

Business

•

Deployment o Documentation o Use cases o Support model

11

COMMUNITY -DRIVEN CLOUD SINCE 2010

4

2 services launched in General Availability

NET+ Designed

13 founding campuses

2010

to leverage community engagement and community assetsInCommon and the Internet2 R&E Network

2011

8

Services in General Availability

6

50+

In Early Adoption

services launched

14

300+

In Service Validation

campuses participating

6

7.8m

650+

In Service Validation

User Identities via InCommon

Cloud Service subscriptions

In Early Adoption

2012

2013

2014

12

Internet2 NET+ Services: Current Engagements

13 Updated September 2014

Examples of Cloud Services Deployed at Scale Leveraging community developed offerings, preferred pricing and business terms

100+ universities cloud storage and collaboration campus-wide (18 months) 40+ universities leveraging the NET+ Splunk offering (6 months) 20+ universities moved their LMS to Instructure’s Canvas (6 months) 15+ universities leveraging Code42’s CrashPlan offering (12 months)

14

Dimensions of Realized Benefit • Cost Avoidance • Lower pricing • Lower procurement cost/effort • Community based due-diligence • Enhanced Value • Favorable terms • Better alignment with local IT architecture • Provides competitive options as the number of providers in each portfolio services category increases • Future Proofing (lower risk) • Strategic engagement with provider at community scale • Leveraging community purchasing power 15

http://www.internet2.edu/cloud-services/

16

http://www.internet2.edu/netplus/faq

17

The Perils of Customization Heiko Spallek, DMD, PhD, MSBA(CIS) University of Pittsburgh, School of Dental Medicine Associate Dean, Office of Faculty Affairs Executive Director, Center for Informatics in Oral Health Translational Research Associate Professor, Dental Public Health

The EHR Evolution uniqueness of EHR solution commoditization ubiquity

IT

= transport mechanism for digital information

EHR = transport mechanism for patient information

transport mechanisms benefit from interoperability (think railroad!)

Is Uniqueness Worth the Cost?

But we are unique…

customization selling point adoption of best practice efficiency, quality

ABC Standard

Customized: Good luck!

Customization Problems ● ● ● ● ●

no upgrades to retain customization re-develop customized functionality regression testing warranty issues HR problems

Reasons for Adopting Standards 1. 2. 3. 4.

Research, e.g. Big Data Interoperability, e.g. EDR <—> EMR Learning Health System Meaningful Use

Example: unique storage to common storage $12,000/year

$2,000/year

ADA Standards Committee for Dental Informatics (SCDI)

IT Governance @ University of Michigan Lynn Johnson, PhD Associate Dean

Dental Informatics Advisory Group (DIAG) •1 Faculty from each department •2 Students •2 Staff •Dental Informatics staff as needed •Chair is Associate Dean Charge •Set priorities •Research and reviewer products

Philosophy: Cloud services that are “Best of Breed” •Don’t want to be “locked in” like Comcast! ☺ •De-coupling the services •Select services in which we can exchange data (Web Services) •Research, research, research

Movement to cloud University of Michigan

• Google Apps • Box • Amazon Web Services • eduroam • Foliotek*

School of Dentistry • eCurriculum • eClass • Televox • Lexicomp • DataMotion • Pentaho

Movement to Cloud: Services under consideration School of University of Dentistry Michigan • Service Now • Canvas • DuoSecurity

• Lab Archives • DocuSign

Process (for Clinical Grading)

DIAG sets Priorities

Research

Approval

Televox

Reports

(reminders)

axiUm DataMotion (Secure Email)

EHR

Scheduling

Lexicomp

Billing

eClass (Clinical Assessment)

Clinical Research

(drug database)

Mobile

Televox

DataMotion (Secure Email)

Reports

EHR

ePrescrition

Scheduling Lexicomp (drug database

Billing

eClass (Clinical Assessment)

Clinical Research

Mobile

Hospital Integration

Getting there: Setting Priorities • We took a survey! • We decided to make priorities based on: Priority

Fills Meaningful Use need Pre-requisite to other need High personnel impact High financial impact Fill Accreditation needs Function in place vs. currently unmet Other

Ranking

3.8 3.6 3.5 3.0 2.8 2.7 0.0

Getting there: Setting Priorities Function Student Grading (???) Secure Correspondence (DataMotion) Other (Lab Archives, DuoSecurity, DocuSign) EHR (ICE Health Systems) Instrumentation System Digital Imaging E-Prescriptions Finance Learning Management System Credentialing System ePortfolio

Rank 1.7 2.5 4.0 4.2 4.3 5.0 5.3 6.0 6.5 7.0 7.3

How UNC Chapel Hill is addressing the shifting sands of increased Cloud Security By David B. Rankin, MS, Certificate in Information Assurance IT Director, UNC School of Dentistry

The Clouds at UNC Chapel Hill • Private Cloud – Hosted on premise at UNC • Public Cloud – Purchased from a vendor or using free services like Google, Microsoft, etc.

Private Cloud @ UNC-CH Hosted on premise at UNC • Central IT - http://its.unc.edu/services/ – Hosting Services (Citrix, VMWare) – Research Computing Clusters – SAKAI

• Departments and Schools – VMWare – Citrix and Microsoft Terminal Services – Other

Public Cloud @ UNC-CH Hosted at a Vendor’s location • Google Services (Mail, Docs, Drive, etc.) • HeelMail (Email for Students) • Qualtrics (Survey software) • Qualys (Security and Vulnerability Scanning) • Gartner Portal (Technology Research) • Microsoft IT Academy (eLearning for Microsoft products)

Security, Policy and Compliance @ UNC-CH • How do we ensure that qualified people are operating the servers that house the University’s data? • How do we secure the University information? • How do we mitigate risk? • How do we ensure compliance with University policies, State statutes and Federal laws. http://help.unc. edu/help/what-issensitive-data/

Private Cloud Vetting • UNC Security Policies • UNC Systems Administrator Initiative (SAI) • Inventory of Sensitive Data Servers • Qualys Scanning of Sensitive Servers

Public Cloud Vetting • University Purchasing • University General Counsel • Central IT – Security – Technology

UNC Private Cloud Security Standards • 3rd Party Audit of Vendor using CCM standard • SOC2 • ISO 27001

Conclusion UNC Chapel Hill is responsible for the security of its data. Where it is hosted or how does not matter.